Bug 83472 - Signed Integer Overflow - 38176028
Summary: Signed Integer Overflow - 38176028
Status: RESOLVED DUPLICATE of bug 79111
Alias: None
Product: gcc
Classification: Unclassified
Component: demangler (show other bugs)
Version: unknown
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
: 85660 87602 (view as bug list)
Depends on:
Blocks: 87602
  Show dependency treegraph
Reported: 2017-12-18 20:43 UTC by Google-Autofuzz
Modified: 2018-10-31 06:58 UTC (History)
0 users

See Also:
Known to work:
Known to fail:
Last reconfirmed:

PoC + Dockerfile (1.58 KB, application/zip)
2017-12-18 20:43 UTC, Google-Autofuzz

Note You need to log in before you can comment on or make changes to this bug.
Description Google-Autofuzz 2017-12-18 20:43:48 UTC
Created attachment 42909 [details]
PoC + Dockerfile

Filing here per:  https://sourceware.org/bugzilla/show_bug.cgi?id=22610

Hello binutils team,

As part of our fuzzing efforts at Google, we have identified an issue affecting
binutils (tested with revision * master 79e741920446582bd0e09f3e2b9f899c258efa56).

To reproduce, we are attaching a Dockerfile which compiles the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here:

TL;DR instructions:
* `mkdir project`
* `cp Dockerfile /path/to/project`
* `docker build --no-cache /path/to/project`
* `docker run -it image_id_from_docker_build`

From another terminal, outside the container:
`docker cp /path/to/attached/reproducer running_container_hostname:/fuzzing/reproducer`
(reference: https://docs.docker.com/engine/reference/commandline/cp/)

And, back inside the container:
`/fuzzing/repro.sh /fuzzing/reproducer`

Alternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:

/fuzzing/binutils-gdb/libiberty/cplus-dem.c:3597:10: runtime error: signed integer overflow: 777777777 * 10 cannot be represented in type 'int'
SUMMARY: AddressSanitizer: undefined-behavior /fuzzing/binutils-gdb/libiberty/cplus-dem.c:3597:10 in 

We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.

Once you have reproduced the issue, we'd appreciate to learn your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".

We are also pleased to inform you that your project is eligible for inclusion to
the OSS-Fuzz project, which can provide additional continuous fuzzing, and
encourage you to investigate integration options.

Don't hesitate to let us know if you have any questions!

Google AutoFuzz Team
Comment 1 Google-Autofuzz 2017-12-18 21:08:00 UTC
Copy and paste error, sorry for calling you the binutils teams, gcc/demangler team.  :)
Comment 2 Andrew Pinski 2018-10-31 06:47:28 UTC
*** Bug 87602 has been marked as a duplicate of this bug. ***
Comment 3 Andrew Pinski 2018-10-31 06:54:56 UTC
*** Bug 85660 has been marked as a duplicate of this bug. ***
Comment 4 Andrew Pinski 2018-10-31 06:58:57 UTC

*** This bug has been marked as a duplicate of bug 79111 ***